package com.mm.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

import javax.servlet.http.HttpServletResponse;

@Configuration
@EnableResourceServer
public class CustomResourceServerConfigurer extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                //关闭csrf(跨站请求伪造)
                .csrf().disable()
                //异常处理
                .exceptionHandling()
                .authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
                .and()
                //请求授权
                .authorizeRequests()
                //1.anyRequest表示所有请求
                //2.antMatchers(),mvcMatchers()
                //3.authenticated()要求在执行该请求时必须已经登录了应用,permitAll()方法允许请求没有任何的安全限制
                .anyRequest().authenticated()
                .and()
                //httpBasic认证
                .httpBasic();
    }
}
